Displaying Stateless Firewall Filter Logs

Purpose

Verify that packets are being logged. If you included the log or syslog action in a term, verify that packets matching the term are recorded in the firewall log or your system logging facility.

Action

From operational mode in the CLI, enter the show firewall log command.

The log of discarded packets generated from the stateless firewall filter configured in Configuring a Routing Engine Firewall Filter for Services and Protocols from Trusted Sources is displayed in the following sample output.

Log :
Time      Filter    Action Interface     Protocol Src Addr      Dest Addr
15:11:02  pfe       D      ge-0/0/0.0    TCP      172.17.28.19  192.168.70.71
15:11:01  pfe       D      ge-0/0/0.0    TCP      172.17.28.19  192.168.70.71
15:11:01  pfe       D      ge-0/0/0.0    TCP      172.17.28.19  192.168.70.71
15:11:01  pfe       D      ge-0/0/0.0    TCP      172.17.28.19  192.168.70.71
...

What it Means

Each record of the output contains information about the logged packet. Verify the following information:

• Under Time, the time of day the packet was filtered is shown.
• The Filter output is always pfe.
• Under Action, the configured action of the term matches the action taken on the packet—A (accept), D (discard), R (reject).
• Under Interface, the inbound (ingress) interface on which the packet arrived is appropriate for the filter.
• Under Protocol, the protocol in the IP header of the packet is appropriate for the filter.
• Under Src Addr, the source address in the IP header of the packet is appropriate for the filter.
• Under Dest Addr, the destination address in the IP header of the packet is appropriate for the filter.

See Also